Project Work on Cryptography at University of Allahabad
1. PROJECT WORK ON CRYPTOGRAPHY
UNIVERSITY OF ALLAHABAD
Under The Supervision Of
Prof. R.R.Tiwari
Presented By
Arjun Shukla
B.Sc.3 Year
Roll No -803069
2. Certificate
This is certify that Arjun Shukla student of B.sc 3rd
year has undertaken the project of
“CRYPTOGRAPHY” under my guidance and supervision.
This work has been done in partial fulfillment of the requirement for the degree of “Bachelor of
Science” by University of Allahabad, Allahabad.
.
DATE- Prof.R.R.Tiwari
PLACE- Dean
Science Faculty
University of Allahabad
Allahabad
3. Acknowledgement
The project would not have been successfully completed without the
wholehearted support of our guide Prof. R. R. Tiwari. He always boosted our
morals assiduously.
We thank Sir for his conception and encouragement during the development of
the project. He is a mentor who knew all answers. We admire his infinite
patience and understanding that he guided us in a field we had no previous
experience .We would also like to thank Mr. Manish Jaiswal.
And all other faculty members of Computer Department have rendered us
significant encouragement, in vigorous support and continuous & kind
guidance. We thank them all for their invaluable guidance and other people
who directly or indirectly assisted us in the successful and timely completion of
Cryptography project.
Arjun Shukla
B.Sc. 3rd
Year
(Computer Science)
4.
5. Index
S.N. Contents Page No.
1 Introduction 6
2 History of Cryptography 7
3 What is cryptography 9
4 Security Services of Cryptography 12
5 Attacks on Cryptosystem 16
6 Hash Function 20
7 Benefits and Drawback of Cryptography
23
8 Application of Cryptography 25
9 Conclusion 26
10 References 27
6. INTRODUCTION
The Cryptanalysis is the process of attempting to discover the plain text
and/ or the key.
Applications of Various Cryptographic Technologies.
Why & How to Provide Network Security in the Certificates issuing,
The Validity & Trust for Certificate Services, Certificate Revocation in
the Internet , Intranet and other Network Communications, the
Applications of Network Security to the various Data Transfer
techniques and protocols .From the dawn of civilization, to the highly
networked societies that we live in Today communication has always
been an integral part of our existence.
●Radio communication
●Network communication
●Mobile communication
●Telephonic communication
All these methods and means of communication have played an
important role in our lives, but in the past few years, network
communication, especially over the Internet, has emerged as one of the
most powerful Methods of communication.
7. History of Cryptography
The art of cryptography is considered to be born along with the
art of writing. As civilizations evolved, human beings got
organized in tribes, groups, and kingdoms. This led to the
emergence of ideas such as power, battles, supremacy, and
politics. These ideas further fueled the natural need of people to
communicate secretly with selective recipient
which in turn ensured the continuous evolution of cryptography
as well.
The roots of cryptography are found in Roman and Egyptian
civilizations.
Hieroglyph – The Oldest Cryptographic Technique
The first known evidence of cryptography can be traced to the
use of ‘hieroglyph’. Some 4000 years ago, the Egyptians used to
communicate by messages written in hieroglyph.
This code was the secret known only to the scribes who used to
transmit messages on behalf of the kings.
Later, the scholars moved on to using simple mono-alphabetic
substitution ciphers during500 to 600 BC. This involved replacing
alphabets of message with other alphabets with some secret rule.
This rule became a key to retrieve the message back from the
garbled message.
The earlier Roman method of cryptography, popularly known as
the Caesar Shift Cipher relies on shifting the letters of a
message by an agreed number (three was a common choice), the
recipient of this message would then shift the letters back by the
same number and obtain the original message.
8. Original Message
a t T a c k A t d A
Each letter is sifted by 2
c v V c e m C v f C
“Secret message”
Evolution of cryptography
It is during and after the European Renaissance, various Italian
and Papal states led the rapid proliferation of cryptography
techniques. Various analysis and attack techniques were
researched in this era to break the secret codes.
• Improved coding techniques such as Vigenere Coding came
into existence in the 15th century, which offered moving letters in
the message with a number of variable places instead of moving
them the same number of places.
• Only after the 19th century, cryptography evolved from the
adhoc approaches to encryption to the more sophisticated art and
science of information security.
• In the early 20th century, the invention of mechanical and
electromechanical machines, such as the Enigma rotor machine,
provided more advanced and efficient means of coding the
information.
9. What is Cryptography:
Cryptography is the art and science of making a cryptosystem
that is capable of providing information security.
Cryptography deals with the actual securing of digital data. It
refers to the design of mechanisms based on mathematical
algorithms that provide fundamental information security
services. You can think of cryptography as the establishment of a
large toolkit containing different techniques in security
applications.
The term cryptology has its origin in Greek Kryptós lógos , which means
“hidden word.”Cryptography is the science of protecting data, which
provides means and methods of converting data into unreadable form, so
that Valid User can access Information at the Destination. Cryptography
is the science of using mathematics to encrypt and decrypt data.
Cryptography enables you to store sensitive information or transmit it
across insecure networks (like the Internet) so that it cannot be read by
anyone except the intended recipient. While cryptography is the science
of securing data, cryptanalysis is the science of analyzing and breaking
secure communication. Cryptanalysts are also called attackers.
Cryptology embraces both cryptography and cryptanalysis.
10. Security Services of Cryptography
The primary objective of using cryptography is to provide the
following four fundamental information security services. Let us
now see the possible goals intended to be fulfilled by
cryptography.
Confidentiality:
Confidentiality is the fundamental security service provided by
cryptography. It is a security service that keeps the information
from an unauthorized person. It is sometimes referred to as
privacy or secrecy.Confidentiality can be achieved through
numerous means starting from physical securing to the use of
mathematical algorithms for data encryption.
Data Integrity:
It is security service that deals with identifying any alteration to the data.
The data may get modified by an unauthorized entity intentionally or
accidently. Integrity service confirms that whether data is intact or not
since it was last created, transmitted, or stored by an authorized user.
Data integrity cannot prevent the alteration of data, but provides a means
for detecting whether data has been manipulated in an unauthorized
manner.
Authentication :
Authentication provides the identification of the originator. It
confirms to the receiver that the data received has been sent only
by an identified and verified sender.
Authentication service has two variants:
• Message authentication identifies the originator of the
11. message without any regard router or system that has sent
the message.
• Entity authentication is assurance that data has been
received from a specific entity, say a particular website.
Apart from the originator, authentication may also provide
assurance about other parameters related to data such as the
date and time of creation/transmission.
Non-repudiation:
It is a security service that ensures that an entity cannot refuse
the ownership of a previous commitment or an action. It is an
assurance that the original creator of the data cannot deny the
creation or transmission of the said data to a recipient or third
party.
Non-repudiation is a property that is most desirable in situations
where there are chances of a dispute over the exchange of data.
For example, once an order is placed electronically, a purchaser
cannot deny the purchase order, if non-repudiation service was
enabled in this transaction.
Source Destination
Unauthorized
12. Cryptosystem
A cryptosystem is an implementation of cryptographic techniques and
their accompanying infrastructure to provide information security
services. A cryptosystem is also referred to as a cipher system.
Let us discuss a simple model of a cryptosystem that provides
confidentiality to the information being transmitted. This basic
model is depicted in the illustration below
Encryption Key Decryption
KEY
Plaintext Ciphertext Plainte.
Cryptosystem
SenderSender ReceiverReceiver
Encryption
Algorithim
Decryption
Algorithm
ReceiverReceiver
13. The illustration shows a sender who wants to transfer some
sensitive data to a receiver in such a way that any party
intercepting or eavesdropping on the communication channel
cannot extract the data.
The objective of this simple cryptosystem is that at the end of
the process, only the sender and the receiver will know the
plaintext.
Components of a Cryptosystem:
The various components of a basic cryptosystem are as follows:
• Plaintext. It is the data to be protected during transmission.
• Encryption Algorithm. It is a mathematical process that produces a
cipher text for any given plaintext and encryption key. It is a
cryptographic algorithm that takes plaintext and an encryption key as
input and produces a ciphertext.
• Ciphertext. It is the scrambled version of the plaintext produced by the
encryption algorithm using a specific the encryption key. The ciphertext
is not guarded. It flows on public channel. It can be intercepted or
compromised by anyone who has access to the communication channel.
• Decryption Algorithm, It is a mathematical process, that produces a
unique plaintext for any given ciphertext and decryption key. It is a
cryptographic algorithm that takes a ciphertext and a decryption key as
input, and outputs a plaintext. The decryption algorithm essentially
reverses the encryption algorithm and is thus closely related to it.
14. • Encryption Key. It is a value that is known to the sender. The sender
inputs the encryption key into the encryption algorithm along with the
plaintext in order to compute the ciphertext.
• Decryption Key. It is a value that is known to the receiver. The
decryption key is related to the encryption key, but is not always
identical to it. The receiver inputs the decryption key into the decryption
algorithm along with the ciphertext in order to compute the plaintext.
Types of Cryptosystems:
Fundamentally, there are two types of cryptosystems based on the
manner in which encryption-decryption is carried out in the system:
• Symmetric Key Encryption
• Asymmetric Key Encryption
Symmetric Key Encryption:
The encryption process where same keys are used for encrypting
and decrypting the information is known as Symmetric Key
Encryption.
The study of symmetric cryptosystems is referred to as symmetric
cryptography. Symmetric cryptosystems are also sometimes referred
to as secret key cryptosystems.
A few well-known examples of symmetric key encryption methods are:
Digital Encryption Standard (DES), Triple-DES (3DES), IDEA.
Asymmetric Key Encryption:
The encryption process where different keys are used for
encrypting and decrypting the information is known as Asymmetric
Key Encryption.
15. Though the keys are different, they are mathematically related and hence,
retrieving the plaintext by decrypting ciphertext is feasible.
Asymmetric Key Encryption was invented in the 20th century to come
over the necessity of pre-shared secret key between communicating
persons. The salient features of this encryption scheme are as follows:
• Every user in this system needs to have a pair of dissimilar keys,
private key and public key. These keys are mathematically related –
when one key is used for encryption, the other can decrypt the
ciphertext back to the original plaintext.
• It requires to put the public key in public repository and the private
key as a well guarded secret. Hence, this scheme of encryption is
also called Public Key Encryption.
SYMMETRIC KEY CRYPTOGRAPHY:
16. In the present era, not only business but almost all the aspects of human life
are driven by information. Hence, it has become imperative to protect useful
information from malicious activities such as attacks. Let us consider the
types of attacks to which information is typically subjected to.
Attacks are typically categorized based on the action performed by the
attacker. An attack, thus, can be passive or active.
Passive Attacks
The main goal of a passive attack is to obtain unauthorized access to the
information. For example, actions such as intercepting and eavesdropping
on the communication channel can be regarded as passive attack.
These actions are passive in nature, as they neither affect information nor
disrupt the communication channel. A passive attack is often seen as
stealing information. The only difference in stealing physical goods and
stealing information is that theft of data still leaves the owner in possession
of that data. Passive information attack is thus more dangerous than
stealing of goods, as information theft may go unnoticed by the owner.
Attacks on Cryptography
Host A Host B
Attacker
17. Active Attacks
An active attack involves changing the information in some way by
conducting some
process on the information. For example
• Modifying the information in an unauthorized manner.
• Initiating unintended or unauthorized transmission of information.
• Alteration of authentication data such as originator name or timestamp
associated with information.
• Unauthorized deletion of data.
• Denial of access to information for legitimate users (denial of service).
H
Host A Host B
Attacker
18. Cryptography provides many tools and techniques for implementing
cryptosystems capable of preventing most of the attacks described above.
Cryptographic Attacks
The basic intention of an attacker is to break a cryptosystem and to find the
plaintext from the ciphertext. To obtain the plaintext, the attacker only
needs to find out the secret decryption key, as the algorithm is already in
public domain.
Hence, he applies maximum effort towards finding out the secret key used in
the cryptosystem. Once the attacker is able to determine the key, the
attacked system is considered as broken or compromised.
Based on the methodology used, attacks on cryptosystems are categorized
as follows:
• Ciphertext Only Attacks (COA): In this method, the attacker has access
to a set of ciphertext(s). He does not have access to corresponding
plaintext. COA is said to be successful when the corresponding plaintext can
be determined from a given set of ciphertext. Occasionally, the encryption
key can be determined from this attack. Modern cryptosystems are guarded
against ciphertext-only attacks.
• Known Plaintext Attack (KPA): In this method, the attacker knows the
plaintext for some parts of the ciphertext. The task is to decrypt the rest of
the ciphertext using this information. This may be done by determining the
key or via some other method. The best example of this attack is linear
cryptanalysis against block ciphers.
• Chosen Plaintext Attack (CPA): In this method, the attacker has the
text of his choice encrypted. So he has the ciphertext-plaintext pair of his
choice. This simplifies his task of determining the encryption key. An
example of this attack is differential cryptanalysis applied against block
19. ciphers as well as hash functions. A popular public key cryptosystem, RSA is
also vulnerable to chosen-plaintext attacks.
• Dictionary Attack: This attack has many variants, all of which involve
compiling a ‘dictionary’. In simplest method of this attack, attacker builds a
dictionary of ciphertexts and corresponding plaintexts that he has learnt
over a period of time.
In future, when an attacker gets the ciphertext, he refers the dictionary to
find the corresponding plaintext.
• Brute Force Attack (BFA): In this method, the attacker tries to
determine the key by attempting all possible keys. If the key is 8 bits long,
then the number of possible keys is 28 = 256. The attacker knows the
ciphertext and the algorithm, now he attempts all the 256 keys one by one
for decryption. The time to complete the attack would be very high if the key
is long.
20. Hash Function
Hash functions are extremely useful and appear in almost all information
security applications.
A hash function is a mathematical function that converts a numerical input
value into another compressed numerical value. The input to the hash
function is of arbitrary length but output is always of fixed length.
Values returned by a hash function are called message digest or simply
hash values.
The following picture illustrated hash function:
H
Message M (Arbitrary Length)
HH
Hash Value
h
21. Features of Hash Functions
The typical features of hash functions are:
• Fixed Length Output (Hash Value)
o Hash function coverts data of arbitrary length to a fixed length. This
process is often referred to as hashing the data.
o In general, the hash is much smaller than the input data, hence hash
functions are sometimes called compression functions.
• Efficiency of Operation
o Generally for any hash function h with input x, computation of h(x) is a
fast operation.
o Computationally hash functions are much faster than a symmetric
encryption.
Properties of Hash Functions
In order to be an effective cryptographic tool, the hash function is desired to
possess following properties:
• Pre-Image Resistance
o This property means that it should be computationally hard to reverse a
hash function.
o In other words, if a hash function h produced a hash value z, then it
should be a difficult process to find any input value x that hashes to z.
22. • Second Pre-Image Resistance
o This property means given an input and its hash, it should be hard to find
a different input with the same hash.
o In other words, if a hash function h for an input x produces hash value
h(x), then it should be difficult to find any other input value y such that h(y)
= h(x).
• Collision Resistance
o This property means it should be hard to find two different inputs of any
length that result in the same hash. This property is also referred to as
collision free hash function.
o In other words, for a hash function h, it is hard to find any two different
inputs x and y such that h(x) = h(y).
23. Cryptography-Benefits and Drawbacks
Cryptography–Benefits
Cryptography is an essential information security tool. It provides the four
most basic services of information security:
• Confidentiality – Encryption technique can guard the information and
communication from unauthorized revelation and access of information.
• Authentication – The cryptographic techniques such as MAC and digital
signatures can protect information against spoofing and forgeries.
• Data Integrity – The cryptographic hash functions are playing vital role in
assuring the users about the data integrity.
• Non-repudiation – The digital signature provides the non-repudiation
service to guard against the dispute that may arise due to denial of passing
message by the sender.
All these fundamental services offered by cryptography has enabled the
conduct of business over the networks using the computer systems in
extremely efficient and effective manner.
Cryptography–Drawbacks
Apart from the four fundamental elements of information security, there are
other issues that affect the effective use of information:
• A strongly encrypted, authentic, and digitally signed information can be
difficult to access even for a legitimate user at a crucial time of
decision-making. The network or the computer system can be attacked and
rendered non-functional by an intruder.
• High availability, one of the fundamental aspects of information security,
24. cannot be ensured through the use of cryptography. Other methods are
needed to guard against the threats such as denial of service or complete
breakdown of information system.
• Another fundamental need of information security of selective access
control also cannot be realized through the use of cryptography.
Administrative controls and procedures are required to be exercised for the
same.
• Cryptography does not guard against the vulnerabilities and threats that
emerge from the poor design of systems, protocols, and procedures.
These need to be fixed through proper design and setting up of a defensive
infrastructure.
• Cryptography comes at cost. The cost is in terms of time and money:
o Addition of cryptographic techniques in the information processing leads to
delay.
o The use of public key cryptography requires setting up and maintenance
of public key infrastructure requiring the handsome financial budget.
• The security of cryptographic technique is based on the computational
difficulty of mathematical problems. Any breakthrough in solving such
mathematical problems or increasing the computing power can render a
cryptographic technique vulnerable.
25. Applications Of Cryptography
1. Defense Services
2. Secure Data Manipulation
3. E –Commerce
4. Business Transactions
5. Internet Payment Systems
6. Pass Phrasing
7. Secure Internet Comm.
8. User Identification Systems
9. Access Control
10. Computational Security
11.Secure access to Corp Data
26. 12.Data Security.
Conclusion
Cryptography protects users by providing functionality for the
encryption of data and authentication of other users. This technology
lets the receiver of an electronic message verify the sender, ensures
that a message can be read only by the intended person, and
assures the recipient that a message has not be altered in transit.
This paper describes the cryptographic concepts of symmetric key
encryption, public-key encryption, security services of cryptography,
hash functions, Attacks on cryptosystem, and key exchange. The
Cryptography Attacking techniques like Active and Passive Attacks.
Cryptography is a particularly interesting field because of the amount of
work that is, by necessity, done in secret. The irony is that today, secrecy
is not the key to the goodness of a cryptographic algorithm. Regardless
of the mathematical theory behind an algorithm, the best algorithms are
those that are well known and well-documented because they are also
well-tested and well-studied! In fact, time is the only true test of good
cryptography; any cryptographic scheme that stays in use year after year
is most likely a good one. The strength of cryptography lies in the choice
(and management) of the keys; longer keys will resist attack better than
shorter keys.
27. References:
• Cryptography and Network Security –By William Stallings.
• Introduction to Cryptography –By Aysel Ozgur
• https://www.google.com